AEwebworks aeDating 3.2/4.0 - 'search_result.php' SQL Injection

EDB-ID:

26263


Author:

alexsrb

Type:

webapps


Platform:

PHP

Date:

2005-09-15


source: https://www.securityfocus.com/bid/14847/info

AEwebworks aeDating is prone to an SQL injection vulnerability. This is due to a lack of proper sanitization of user-supplied input before it is used in an SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. 

http://www.example.com/search_result.php?Sex=male&LookingFor=female&DateOfBirth_start=18&DateOfBirth_end=40&Country%5B%5D=0UNION